Stargazer Goblin
Stargazer Goblin is a threat actor (active since August 2022) which operates a network of over 3,000 inauthentic GitHub accounts, known as the Stargazers Ghost Network, that distributes malware (ransomware and infostealers such as Atlantida Stealer and Rhadamanthys) and shares malicious links.[1][2][3][4][5] It acts as a Distribution as a Service (DaaS).[6][7][8][9]
Research has shown that Stargazer Goblin's operations include using open directories to share malware and stolen data, employing freely accessible resources as a strategy to evade detection. These open directories often contain malicious tools and compromised information, which are used to expand their reach and distribute malware. Analysis of their tactics, techniques, and procedures (TTPs) indicates potential overlaps with other threat actors, suggesting shared methods within the cybercriminal ecosystem.[10]
References
- ^ https://thehackernews.com/2024/07/stargazer-goblin-creates-3000-fake.html%7C
- ^ Burgess, Matt. "A Hacker 'Ghost' Network Is Quietly Spreading Malware on GitHub". Wired – via www.wired.com.
- ^ Ezenwa, Eric. "How 'Stargazer Goblin' leveraged GitHub for large-scale malware attacks". Interesting Engineering.
- ^ Horwood, Penny. "Malicious 'ghost' DaaS network spreading malware through GitHub". www.computing.co.uk.
- ^ "Stargazers Ghost: $100K GitHub Malware Network Exposed". July 29, 2024.
- ^ "Threat Actor Stargazer Goblin Uses Over 3,000 GitHub Accounts for Malware Distribution - CPO Magazine". 2 August 2024.
- ^ "'Stargazer Goblin' Amasses Rogue GitHub Accounts to Spread Malware". sosvo-staging.isis.vanderbilt.edu.
- ^ "Network of 3,000 GitHub Accounts Used for Malware Distribution - SecurityWeek". 25 July 2024.
- ^ "3,000 "ghost accounts" on GitHub spreading malware".
- ^ "Echoes of Stargazer Goblin: Analyzing Shared TTPs from an Open Directory". 2024-11-22.